This is an interesting topic (for me anyway). As to the python route...I guess you'd need something SSL-encrypted. Python doesn't come with SSL-support built-in. A recipe for a secure python xmlrpc server can be found at http://aspn.activestate.com/ASPN/Coo.../Recipe/496786
I always find dealing with SSL certificates a PITA at the best of times and particularly-so on Windows, so I'd be inclined to use "Pyro", a simple remote object system for python. See http://pyro.sourceforge.net/
. Although this can also use SSL (still a PITA) it can authenticate connections using a neat challenge-response method which means the access-password cannot be sniffed. Thus, if you don't need full encrypted communication, but want to restrict who can connect to your "admin" interface, this is a substantial simplification. If the RPC-server reads it's password from a read-protected file, then changing passwords is as simple as editing the password-file.
For this problem, writing the RPC-server is only part of the solution. To make this easy to deploy on a load of windows hosts you can build you python script into a stand-alone .exe package using "py2exe" (http://www.py2exe.org/index.cgi/Tutorial
). This avoids the need to install python on all Windows boxes (although this can be handy...). Finally, it's well worth building this into a self-installing executable using Inno-Setup (http://www.jrsoftware.org/
) or similar. You can added a script to the installer to do the steps necessary to add the RPC-server as a windows service. There are some instructions on this at
Overall, getting SSH running on windows will probably be less work, but definitely not as fun.